Will a warrant be required to access your email?

The House Judiciary Committee is going to be discussing the Electronic Communications Privacy Act. There is a chance that they will strengthen it.

This act was written decades ago, before there were any real cloud solutions. Email was downloaded by your email client and immediately deleted from the server. The law assumed that any email left on a server more than 180 days had been abandoned, and so no warrant was required for law enforcement to obtain it.

These days, with services like Gmail, we tend to keep our email on the servers for years, with no thought that it has been abandoned. Law enforcement is opposing reforms of this law because it would make their work more difficult. Doubtless it would, as does almost any civil liberty.

Earlier this month Zoe Lofgren introduced the Online Communications and Geolocation Protection Act, amending ECPA. It would require a warrant to obtain cell phone location information. There is clearly some momentum for reform.

6 comments

Happy to see some reform and hope the recent attack in Boston does not create hype about killing off privacy reform as Americans lick our wounds from the PATRIOT Act. Privacy promotes our free society. If bad guys do what bad guys do, a warrant is not a blockade to justice, just a method to keep checks and balances.

Lance – our private and secure email ShazzleMail tossed aside the client/server architecture and uses a sender’s smartphone as the server. Feds could serve us, but we don’t have any emails to share. Check it out – http://shazzlemail.com/quick-start

This is an interesting concept. There is not enough technical explanation that I can find on the website to feel comfortable with what you are doing at this point.
I would like to see more about how the two parties are authenticated to each other, and how the connections are brokered when both parties are behind NAT firewalls (as will usually be the case).

The 2 parties are authenticated with a public/private key handshake that is confirmed by validating the public key in our registry. Additionally, an account holder cannot update their public key if they don’t have the user name/password correct.

As for the firewall issue, we use relays if the receiver is not addressable.

Would it be more helpful if I put you in touch with our CTO for further discussion?